chore(deps): update dependency pytest to v9.0.3 [security]#12
chore(deps): update dependency pytest to v9.0.3 [security]#12renovate[bot] wants to merge 1 commit intodevfrom
Conversation
Reporting for duty! The automated checks have completed. 🎖️I've aggregated the results of the automated checks for this PR below. 📋 Repo HealthEnsuring the repository stays strong and healthy. 💪 Latest Version: ✅ 🔍 LintThe data is in, and it's looking interesting! 🧐 ❌ ruff: issues found — see job log 📊 CoverageChecking the integrity of our test cases. 💎 ✅ 89.9% total coverage Files below 80% coverage (1 file)
Full report: download the 🏷️ Release PreviewI've checked the 'Platform Support' matrix. 💻 Current:
🚀 Release Channel Compatibility Predicted next version:
⚖️ License CheckThe license check is now finished. 🏁 ✅ No license violations found (42 packages). License distribution: 16× MIT License, 5× Apache Software License, 5× MIT, 3× Apache-2.0, 2× BSD-3-Clause, 2× ISC License (ISCL), 1× Apache Software License; BSD License, 1× Apache-2.0 AND CNRI-Python, +7 more Full breakdown — 42 packages
Copyright (c) 2022 Phil Ewels Permission is hereby granted, free of charge, to any person obtaining a copy The above copyright notice and this permission notice shall be included in all THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR Policy: Apache 2.0 (universal donor). StrongCopyleft / NetworkCopyleft / WeakCopyleft / Other / Error categories fail. MPL allowed. 🔨 Build TestsEnsuring no loose screws in the assembly. 🔩 ✅ All versions pass
The silent guardian of the dev branch. 🦇 |
This PR contains the following updates:
9.0.2→9.0.3GitHub Vulnerability Alerts
CVE-2025-71176
pytest through 9.0.2 on UNIX relies on directories with the
/tmp/pytest-of-{user}name pattern, which allows local users to cause a denial of service or possibly gain privileges.Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LRelease Notes
pytest-dev/pytest (pytest)
v9.0.3Compare Source
pytest 9.0.3 (2026-04-07)
Bug fixes
#12444: Fixed
pytest.approxwhich now correctly takes into account~collections.abc.Mappingkeys order to compare them.#13634: Blocking a
conftest.pyfile using the-p no:option is now explicitly disallowed.Previously this resulted in an internal assertion failure during plugin loading.
Pytest now raises a clear
UsageErrorexplaining that conftest files are not plugins and cannot be disabled via-p.#13734: Fixed crash when a test raises an exceptiongroup with
__tracebackhide__ = True.#14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.
#14343: Fixed use of insecure temporary directory (CVE-2025-71176).
Improved documentation
-pvsPYTEST_PLUGINSplugin loading and fixed an incorrect-pexample.capsysandcapfd) take precedence over the-s/--capture=nocommand-line options inAccessing captured output from a test function <accessing-captured-output>.pytest_collectionhook setssession.itemsbefore it callspytest_collection_finish, not after.Contributor-facing changes
#12689: The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible on the web interface.
-- by
aleguy02Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.